Skip to content
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Jan 16, 2026Ravie LakshmananMalware / Cyber Espionage Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.… 

Read More »LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

Jan 16, 2026Ravie LakshmananZero-Day / Cyber Espionage A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the… 

Read More »China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Jan 16, 2026Ravie LakshmananVulnerability / Web Security Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly… 

Read More »Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider’s own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability… 

Read More »AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
Update: Verizon is paying to anyone affected by Wednesday’s outage–here’s how to get it

Update: Verizon is paying $20 to anyone affected by Wednesday’s outage–here’s how to get it

Summary created by Smart Answers AI In summary: Macworld reports that Verizon is offering a $20 account credit to customers affected by Wednesday’s widespread voice and data outage. The outage impacted hundreds of thousands of… 

Read More »Update: Verizon is paying $20 to anyone affected by Wednesday’s outage–here’s how to get it
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

Jan 15, 2026Ravie LakshmananWeb Security /Vulnerability A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score:… 

Read More »Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access